Date: Sun, 18 May 2025 16:40:34 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 286910] ifconfig(8) crashes when using "netmask" instead of "prefixlen" for inet6 deletion Message-ID: <bug-286910-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286910 Bug ID: 286910 Summary: ifconfig(8) crashes when using "netmask" instead of "prefixlen" for inet6 deletion Product: Base System Version: 14.2-RELEASE Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: hayzam@alchemilla.io When attempting to delete an inet6 address using ifconfig on FreeBSD, if the netmask keyword is mistakenly used in place of prefixlen, ifconfig crashes with a segmentation fault. Although this is a misuse of syntax, the utility should gracefully handle the error and return a usage or invalid argument error rather than crashing. Steps to reproduce: 1) Add an IPv6 address: ifconfig lo0 inet6 2001:db8::1234/64 2) Try to delete it using the wrong keyword: ifconfig lo0 inet6 2001:db8::1234 netmask 64 delete Expected result: ifconfig should reject the unsupported netmask keyword for IPv6 with an error message and exit non-zero or treat it exactly like prefixlen? Actual result: ifconfig crashes with: Program received signal SIGSEGV, Segmentation fault. Address not mapped to object. in6_getaddr (addr_str="64", which=2) at af_inet6.c:431 431 px->set = true; System version: FreeBSD bsd-box 14.2-RELEASE-p1 FreeBSD 14.2-RELEASE-p1 GENERIC amd64 Notes: Using the correct syntax works as expected: ifconfig lo0 inet6 2001:db8::1234 prefixlen 64 delete This appears to be a missing parser alias for netmask → prefixlen in the IPv6 command table. Patch: Please see the following patch, which simply adds a netmask alias so that IPv6 treats it identically to prefixlen, preventing the NULL-deref: --- af_inet6.c.orig 2025-05-18 19:43:25.886739000 +0400 +++ af_inet6.c 2025-05-18 19:43:31.009653000 +0400 @@ -693,6 +693,7 @@ static struct cmd inet6_cmds[] = { DEF_CMD_ARG("prefixlen", setifprefixlen), + DEF_CMD_ARG("netmask", setifprefixlen), DEF_CMD("anycast", IN6_IFF_ANYCAST, setip6flags), DEF_CMD("tentative", IN6_IFF_TENTATIVE,setip6flags), DEF_CMD("-tentative", -IN6_IFF_TENTATIVE,setip6flags), This patch has been tested on 14.2-RELEASE-p1 and prevents the segfault without altering any other behavior. -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-286910-227>